The following pit is designed for fuzzing a FTP server’s username / password field. The pit assumes the communication sequence of:
‘Receive Banner’ > ‘Send Username’ > ‘Receive Password Request’ > ‘Send Password’ > ‘Receive Response’.
This is designed to run locally on the same machine the server is listening on.
The following commands start the test:
# Fuzz Username peach ftp_username_password_fuzz.xml TestUsername # Fuzz Password peach ftp_username_password_fuzz.xml TestPassword